A cryptographic vulnerability in Yubico hardware security keys and modules may allow attackers to clone the devices.

SOCRadar Dark Web Team has uncovered a series of alarming cyber threats involving unauthorized access sales, database leaks, and new phishing services. Among the most concerning incidents is the alleged sale of Citrix RDP access to an American company. Additionally, an exploit for a newly identified vulnerability in Jenkins, CVE-2024-43044, has been shared. Other incidents include the sale of employee data from the Union Bank of India, database leaks exposing sensitive information of millions of users, and the emergence of a new phishing service.

Follow us on Twitter (X) @Hackread - Facebook @ /Hackread

Three men have pleaded guilty to operating OTP.Agency, an online service that allowed crooks to bypass Multi-Factor authentication (MFA).

Follow us on Twitter (X) @Hackread - Facebook @ /Hackread

Canonical has rolled out essential security updates for Ubuntu, addressing multiple Linux kernel vulnerabilities that also impact Amazon Web Services

The White House has released a roadmap for addressing internet routing (BGP) security issues, mainly through RPKI adoption.

​The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023.

VMware has released patches for a high-severity vulnerability in the Fusion hypervisor that could lead to code execution.

Zyxel has released patches for vulnerabilities in its networking devices, including a critical flaw impacting APs and security routers.

The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) on Clearview AI for unlawful data collection using facial recognition, including photos of Dutch citizens.

D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported.

The oil and gas giant Halliburton confirmed to regulators Tuesday that it believes data was stolen from its systems in a recent cyberattack.

Unit 42 discusses WikiLoader malware spoofing GlobalProtect VPN, detailing evasion techniques, malicious URLs, and mitigation strategies. Unit 42 discusses WikiLoader malware spoofing GlobalProtect VPN, detailing evasion techniques, malicious URLs, and mitigation strategies.

In this report, we provide an in-depth analysis of the Mallox ransomware, its evolution, ransom strategy, encryption scheme, etc.

Discover the powerful and versatile ManticoraLoader, a new malware-as-a-service tool introduced by threat actors linked to AresLoader and AiDLocker ransomware.

Hacktivist group Head Mare targets Russian and Belarusian organizations with advanced cyber attacks using custom malware and the latest WinRAR vulnera

The rapid growth of Web3 has presented new opportunities for threat actors, especially in decentralized finance.

The threat of VBA macros has diminished since Microsoft prevented the execution of macros in Microsoft Office documents downloaded from the internet, but not all users are using the latest up-to-date Office versions and can still be vulnerable.

Sometimes there’s more than just an enticing product offer hiding behind an ad. One thing is true: Malware developers are deeply invested in improving their malware and exploring different way…

SD1692 | ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities

The Stable channel has been updated to 128.0.6613.119/.120 for Windows, Mac and  128.0.6613.119 for Linux which will roll out over the comin...

9+ Vulnerabilities resolved in latest update from Mozilla

CVE: CVE-2024-7261 Summary Zyxel has released patches addressing an operating system (OS) command injection vulnerability in some access point (AP) and security router versions.

CVEs: CVE-2024-6343, CVE-2024-7203, CVE-2024-42057, CVE-2024-42058, CVE-2024-42059, CVE-2024-42060, CVE-2024-42061 Summary Zyxel has released patches addressing multiple vulnerabilities in some firewall versions. Users are advised to install the patches for optimal protection.

This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: Fix XSS vulnerability in post-processing of sanitized HTM...